Stanislaw Pitucha f273e1b751 Don't log the credentials by default
Even with DEBUG-level logging, credentials (especially those that
give admin-level access) should not be saved into log files.

This way of handling it has the side effect that if someone uses
password "password", it will be replaced in another place too... but
password "password" or some other keyword that can be found in the
request itself was a pretty bad idea to begin with.

Shell utilities are not affected and the verbose mode will still
display the passwords to make debugging easy.

Implements: blueprint limit-credentials-logging
Change-Id: I50d0ebbfbd44c7a5b162d9334b4fdbda67e5c28d
2013-08-02 13:15:34 +00:00


# Copyright 2012 OpenStack LLC.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# vim: tabstop=4 shiftwidth=4 softtabstop=4
"""Manage access to the clients, including authenticating when needed.
"""
import logging
from neutronclient import client
from neutronclient.neutron import client as neutron_client
# Module-level logger, named after this module's import path.
LOG = logging.getLogger(__name__)
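class ClientCache(object):
    """Descriptor that lazily builds and caches a client handle.

    The handle is created by calling ``factory(instance)`` on first access.
    It is cached per owning instance rather than on the descriptor itself:
    the descriptor object lives on the class and is shared by every
    instance, so a handle stored on it would be handed to a second manager
    built with different credentials or a different tenant.
    """

    # Key under which the per-instance handle table is kept in the owning
    # instance's ``__dict__``.
    _CACHE_ATTR = '_client_cache_handles'

    def __init__(self, factory):
        """Remember the factory used to build the handle.

        :param factory: callable that takes the owning instance and returns
                        the client handle
        """
        self.factory = factory

    def __get__(self, instance, owner):
        """Return the handle cached for ``instance``, building it if needed.

        :param instance: object the attribute is read from, or ``None``
                         when it is read from the class
        :param owner: class holding the descriptor (unused)
        :returns: the client handle, or the descriptor itself on
                  class-level access
        """
        if instance is None:
            # Class-level access: there is no manager to build a client
            # for, so return the descriptor instead of calling
            # factory(None).
            return self
        handles = instance.__dict__.setdefault(self._CACHE_ATTR, {})
        handle = handles.get(self)
        if handle is None:
            # First access on this instance. The factory receives the
            # owning instance; presumably it triggers the keystone login
            # -- confirm against the factory passed in.
            handle = handles[self] = self.factory(instance)
        return handle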
class ClientManager(object):
    """Hold connection settings and hand out API clients.

    The constructor only records its arguments; no network call is made
    until ``initialize()`` runs. The ``neutron`` attribute is a
    ``ClientCache`` descriptor, so the neutron client is built on first
    access by ``neutron_client.make_client``.

    Security-relevant settings:

    * ``password`` and ``token`` are kept on the instance as plain
      attributes for its whole lifetime.
    * ``log_credentials`` defaults to ``False`` and is forwarded unchanged
      to ``client.HTTPClient``; what is redacted is decided there.
    * ``insecure`` and ``ca_cert`` are forwarded unchanged to
      ``client.HTTPClient``; presumably they control TLS certificate
      verification -- confirm in HTTPClient.
    """

    neutron = ClientCache(neutron_client.make_client)

    def __init__(self, token=None, url=None,
                 auth_url=None,
                 endpoint_type=None,
                 tenant_name=None, tenant_id=None,
                 username=None, password=None,
                 region_name=None,
                 api_version=None,
                 auth_strategy=None,
                 insecure=False,
                 ca_cert=None,
                 log_credentials=False,
                 ):
        """Record the connection and authentication settings.

        Every argument is stored on a private attribute of the same name;
        nothing is validated here.
        """
        # Pre-issued token and endpoint; initialize() skips authentication
        # when a URL is already present.
        self._token = token
        self._url = url

        # Where and how to authenticate
        self._auth_url = auth_url
        self._auth_strategy = auth_strategy
        self._endpoint_type = endpoint_type
        self._region_name = region_name
        self._api_version = api_version

        # Identity used for the password flow
        self._username = username
        self._password = password
        self._tenant_name = tenant_name
        self._tenant_id = tenant_id

        # Transport and logging options
        self._insecure = insecure
        self._ca_cert = ca_cert
        self._log_credentials = log_credentials

        # Not taken from the arguments; starts out empty
        self._service_catalog = None

    def initialize(self):
        """Authenticate and fill in the token and endpoint URL if needed.

        Does nothing when an endpoint URL is already set. Otherwise an
        ``HTTPClient`` is built from the stored settings, authenticated,
        and its ``auth_token`` and ``endpoint_url`` are copied onto this
        manager.
        """
        if self._url:
            return

        http = client.HTTPClient(
            auth_url=self._auth_url,
            username=self._username,
            password=self._password,
            tenant_name=self._tenant_name,
            tenant_id=self._tenant_id,
            region_name=self._region_name,
            endpoint_type=self._endpoint_type,
            insecure=self._insecure,
            ca_cert=self._ca_cert,
            log_credentials=self._log_credentials,
        )
        http.authenticate()

        # Populate other password flow attributes
        self._token = http.auth_token
        self._url = http.endpoint_url